Protecting information must be at the heart of security
It was the night before Boxing Day…
The two security officers had enjoyed a wonderful Christmas Day with their respective families before starting night shift at a large Data Processing Centre. Irritated by the sound of the perimeter alarms, one of the officers disabled them, so they could both get 40 winks. Unfortunately, the engineer in the Operational Control area had done much the same, and when two balaclava-clad thieves broke through a poorly secured perimeter door and started to remove hundreds of thousands of pounds worth of computer components, no one noticed that the global management platforms of two major service providers were slowly closing down – ooops!
Somewhere else in the UK, at a different point in time, a telecoms company, in a hurry to employ temps to work on a major customer management system, reduced the standard of its vetting processes in the name of expediency. One of those temps was really only interested in the sensitive data to which the job gave him access, and in taking it home in significant quantities; he later authored a headline-grabbing newspaper story highlighting the allegedly poor ‘cyber security’ of the company concerned – oh dear!
Meanwhile, two petty thieves were making their way back from a hearing at the local Magistrates Court when they happened to notice, through the window of a modern glass-clad building, two shiny new servers. Returning later that night, they gained access to the building and stole both servers, instantly bringing down a major trading platform – later that day COBRA met to consider the implications, with great embarrassment to all concerned – hmmmm!
Whether we are security people or those trying hard to run a small company successfully, we all remember similar stories, perhaps having suffered from one, or being responsible for managing the consequences. There can be no doubt that in the modern world the availability and integrity of electronic platforms and the systems they support are vital to us as people, security people, business managers, and even the CNI, or potentially the proper functioning of the State.
For those responsible for planning London 2012 and Glasgow 2014, concern about the availability of telecommunications networks, and supporting electronic systems would have been high on their agenda. Just imagine the national embarrassment had TV screens suddenly gone blank during the finale because by accident or design, a critical cable was cut or a system failed. The same will be true of those now working on the technical and physical security preparations for the Rio 2016 Olympics, and the UEFA Euro 2016 in Paris, where a sudden, unexpected loss of data at a critical time could cause both personal and national humiliation.
At a personal level, daily we learn of major leaks of data, banking scams and malware attacks, and it would be easy to think that in the modern world, as individuals or small businesses, we simply need to ensure that we have strong passwords and a good virus checker on our home PC. As security professionals, it might be tempting to think that ‘the game’ has now moved to electronic fraud and data theft, but that would also be a serious mistake. Criminals and those intent on taking advantage of poor security have never respected the artificial divisions within our industry, and they have exploited, and always will exploit, whatever dimension of security quickly gets them to their goal, whether it be sensitive data to cause embarrassment, computer hardware to sell abroad, or information sufficient to overcome access control and CCTV systems allowing vast quantities of banknotes to be stolen from a cash centre. The protection of information is at the very heart of all that each of us, but particularly security people, is expected to achieve in order to stay safe.
Along the way, there are three simple rules that can help security people reduce the risk of disasters like those described earlier.
Firstly, no matter where you fit into security, take a 360-degree view of the threats you and your employer face and do not let yourself be lulled into thinking that villains operate in only one dimension.
Secondly, expect the unexpected. If it is Boxing Day evening and the whole world appears asleep, do not drop your guard, as that is when trouble will visit; and if you remain vigilant, and nothing happens, count that a ‘good day’.
And finally, have a well-prepared recovery plan readily to hand, because that will minimise the impact, and perhaps even turn the crisis into a surprising success.
And the same is true for business. Any company, particularly those Small to Medium Enterprises that do not benefit from having their own security people, must think hard about the things that can bring them down, and have in place good, multifaceted defences against both the obvious, and less obvious, threats and a plan flexible enough to cope with any surprise event.
To do anything less is to tempt fate at a time when criminality and disaster can arise from any direction, inside or outside, physical or cyber, and usually the one least expected.
Mike Britnell BeCyberSure
www.BeCyberSure.com
© City Security Magazine – Winter 2015/16, www.citysecuritymagazine.com